Business Owners and Individuals have no idea of what it will take to fix a Data Breach.
Identity Theft and Business
14 years ago we heard of identity theft as thieves taking mail. Just a few years later identity theft has become an underground industry from the low-tech theft to high-tech credit payment systems and a wide variety of other identity theft schemes.
The revenues from stealing data has surpassed the revenues from drug trafficking. We can be careful with our information, but our data is stored in so many places that our actions no longer dictate our risk of identity theft.
The identity theft epidemic is tracked by a couple of organizations, the Federal Trade Commission, or FTC, which ranks identity theft it’s number one complaint and the Privacy Right Clearinghouse which, among other things, tracks data breaches from businesses and government organizations. Just 4 years ago this list printed out in a few pages; now it’s over 100 pages just listing the number of organizations that have had data breaches via hacking, insider theft, stolen laptops and the list goes on.
For the business owner, there are 3 primary considerations: their identity, their employee’s identity, and their customer data.
- Their identity is at risk – I sometimes ask the owner of a business if they have an extra 165 hours of free time Monday thru Friday during 8 to 5 EST, the average time spent by people whose identity has been stolen. Not only is the time a factor, but often with small businesses, the business credit is directly related to the business owner’s credit.
- Their employee’s identity is at risk – Again small businesses, in particular, cannot afford to have distracted employees or employees taking days off to repair their identity theft issues. Often the business stores personal information on their employees, things like employment applications, payroll data, healthcare data, etc. This information needs to be secured.
- Customer data – This can range from credit card data to detailed personal information. First, what information do they have? Everything from name and address, to social security numbers, driver’s licenses, account information, credit information, and date of birth can be useful to a criminal. This customer information is now regulated by different State and Federal laws and regulations. While the details and specifics vary for each business, mainly if you lose it, you bought it. Research on the direct costs from the Ponemon Institute in October 2006 found that information losses cost U.S. companies an average of $182 per compromised record. According to another expert, the loss or theft of just one laptop can cost a company as much as $90,000 or more in fines, credit monitoring for victims, public relations damage control, and class action litigation.
It is important to remember while statistics vary, the outcome for a business who has a data loss includes the tangible and the intangible. Michael Freidenberg wrote in The Coming Pandemic, CIO Magazine:
“If you experience a security breach, 20 percent of your affected customer base will no longer do business with you, 40 percent will consider ending the relationship, and 5 percent will be hiring lawyers!”
While I don’t believe in whining about today’s economy, it’s important to keep those customers we have while we look to expand our client base. It’s essential for all businesses to take a look at what data they maintain on their customers and employees and protect it vigorously.
Biewer & Associates offers legal plans and the Identity Theft Restoration.